add github actions #2 (Closed)

grabsefx wants to merge 2 commits into main from develop

Conversation

@grabsefx grabsefx commented Apr 6, 2026

Collaborator

Summary by CodeRabbit

  • Chores
    • Added CI workflows for building, releasing, and promoting artifacts to automate releases and deployments.
    • Introduced manual release workflow with version inputs and automated release workflow for main branch.
  • Release
    • Project version updated to 1.0.0.

@grabsefx grabsefx self-assigned this Apr 6, 2026
coderabbitai Bot commented Apr 6, 2026


Caution

Review failed

The pull request is closed.

📥 Commits

Reviewing files that changed from the base of the PR and between 409b757 and 49d67f8.

📒 Files selected for processing (1)
  • gradle.properties

Walkthrough

Adds four GitHub Actions workflows for building, manual and automatic releasing, and promoting artifacts; updates project version in gradle.properties. Workflows run JDK 25, execute Gradle build/release tasks with GPG/signing and credentials, upload build artifacts, and automate staged promotion to Sonatype.

Changes

Cohort / File(s): Summary

  • Build workflow (.github/workflows/build.yml): New Build workflow: triggers on workflow_dispatch, pull_request, and push (main/develop), checks out code, sets up Temurin JDK 25, runs ./gradlew build --stacktrace, and uploads build/libs/*.jar as artifact.
  • Manual release (.github/workflows/manually-release.yml): Adds manual workflow_dispatch release: accepts version, scripts_version, bom_version; sets env vars, configures JDK 25, git credentials, and runs ./gradlew release with Gradle properties and GPG signing via secrets.
  • Automatic release (.github/workflows/release.yml): Adds release on push to main: sets env vars (scripts/BOM versions), configures JDK 25 and git credentials, and runs ./gradlew release with required -P properties and signing secrets.
  • Promotion to Nexus (.github/workflows/promote.yml): Adds Promote workflow: workflow_dispatch with version input; downloads versioned artifacts from GitHub Packages by suffix list, bundles files into bundle.jar, uploads to Sonatype staging, polls for closed state, and triggers bulk/promote to publish.
  • Version bump (gradle.properties): Updates version from 1.0.0-SNAPSHOT-2 to 1.0.0.

Sequence Diagram(s)

sequenceDiagram
  participant GH as GitHub Actions
  participant Repo as GitHub Packages (repo)
  participant Gradle as Gradle (build/release)
  participant Nexus as Sonatype Nexus (staging)

  GH->>Repo: Download versioned artifacts (promote.yml)
  Repo-->>GH: Return artifact files
  GH->>GH: Bundle downloaded files (bundle.jar)
  GH->>Nexus: Upload bundle to staging (bundle_upload)
  Nexus-->>GH: Return staging repository URI (JSON)
  GH->>Nexus: Poll staging status until closed/ready
  Nexus-->>GH: Status updates
  GH->>Nexus: Promote staged repository (bulk/promote)
  GH->>Gradle: Run build/release steps (build.yml / release.yml / manually-release.yml)
  Gradle-->>GH: Produce artifacts / release result
  GH->>Repo: Upload built artifacts (build job)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hopped through workflows, jars in tow,
Built with Temurin, then off they go.
Signed and bundled, pushed to the sky,
Nexus awaits—hop, promote, and fly! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check: Title check
Status: ❓ Inconclusive
Explanation: The title 'add github actions' is overly vague and generic—it doesn't convey which specific GitHub Actions workflows or what functional purpose they serve.
Resolution: Consider a more descriptive title such as 'Add CI/CD workflows for build, release, and artifact promotion' to clarify the scope and purpose of the added workflows.

✅ Passed checks (2 passed)

Check: Description Check
Status: ✅ Passed
Explanation: Check skipped - CodeRabbit’s high-level summary is enabled.

Check: Docstring Coverage
Status: ✅ Passed
Explanation: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 9

🧹 Nitpick comments (1)
.github/workflows/promote.yml (1)

34-53: Make jar availability explicit for reproducibility.

The script uses jar -cvf but does not explicitly install/setup a JDK in this workflow. Adding actions/setup-java makes toolchain behavior deterministic.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/promote.yml around lines 34 - 53, The workflow uses the
jar command in the "Upload package" step (BUNDLE_FILE, jar -cvf) but never
ensures a JDK is installed; add an explicit actions/setup-java step before the
Upload package step to install a specific Java version and set JAVA_HOME so the
jar tool is available and behavior is reproducible; reference the "Upload
package" step and BUNDLE_FILE/jar invocation and configure setup-java with a
fixed java-version and distribution so the jar command runs deterministically.

📥 Commits

Reviewing files that changed from the base of the PR and between 8a005a6 and 409b757.

📒 Files selected for processing (4)
  • .github/workflows/build.yml
  • .github/workflows/manually-release.yml
  • .github/workflows/promote.yml
  • .github/workflows/release.yml

upload:
needs: build
if: github.ref_name == 'develop' || startsWith(github.ref_name, 'feature/')
uses: reportportal/.github/.github/workflows/upload-plugin-artifact.yaml@main
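Review bot: the `startsWith(github.ref_name, 'feature/')` clause in this job's `if:` looks unreachable with the triggers described in the Walkthrough: `push` is filtered to main and develop, and on `pull_request` events `github.ref_name` is the merge ref (`<number>/merge`), not the source branch name. Either add `feature/**` to the push branch filter or drop the clause so the condition reflects what can actually fire.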


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Check if the file exists and read the relevant section
if [ -f ".github/workflows/build.yml" ]; then
  echo "=== File found. Reading lines 50-65 ===" 
  sed -n '50,65p' .github/workflows/build.yml
else
  echo "File not found. Searching for build.yml files..."
  find . -name "build.yml" -type f
fi

Repository: reportportal/plugin-auth-github

Length of output: 565


🏁 Script executed:

# Also search for other `@main` references in workflow files
echo "=== Searching for `@main` references in workflow files ==="
rg "@main" .github/workflows/ --type yaml

Repository: reportportal/plugin-auth-github

Length of output: 241


Pin reusable workflow to an immutable commit SHA.

Line 57 references @main, which is mutable. Pinning to a commit SHA avoids unintended behavior from upstream changes.

Suggested change
-    uses: reportportal/.github/.github/workflows/upload-plugin-artifact.yaml@main
+    uses: reportportal/.github/.github/workflows/upload-plugin-artifact.yaml@<commit-sha>
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build.yml at line 57, Replace the mutable workflow ref by
pinning the reusable workflow to a specific commit SHA: locate the uses entry
"reportportal/.github/.github/workflows/upload-plugin-artifact.yaml@main" and
replace the "@main" suffix with the exact commit SHA from the upstream
repository (e.g., "...@<commit-sha>"); ensure you fetch the immutable SHA for
the desired version and update the uses string accordingly so the workflow
references that commit instead of the branch.
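As an added example (not code from the PR or from CodeRabbit), a small shell audit that flags every `uses:` reference in a workflow that is not pinned to a full 40-hex commit SHA, exercised against a constructed workflow containing the two mutable refs discussed on this page; the SHA in the sample is a made-up placeholder.

```shell
#!/usr/bin/env bash
# Added example, not part of the PR: list every `uses:` reference in a
# workflow file that is not pinned to a full commit SHA.

# Prints "<line>: <ref>" for each unpinned action or reusable workflow.
# Local actions (./path) and docker:// images are not git refs and are skipped.
# length()+[0-9a-f]+ is used instead of {40} so the script also runs on mawk.
find_unpinned_uses() {
  awk -v q="'" '
    /^[[:space:]-]*uses:[[:space:]]*/ {
      ref = $0
      sub(/^[[:space:]-]*uses:[[:space:]]*/, "", ref)   # keep the value only
      sub(/[[:space:]]+#.*$/, "", ref)                    # drop a trailing comment
      gsub("[\"" q "]", "", ref)                          # drop surrounding quotes
      if (ref ~ /^\.\// || ref ~ /^docker:\/\//) next
      n = split(ref, parts, "@")
      sha = (n > 1) ? parts[n] : ""
      if (length(sha) != 40 || sha !~ /^[0-9a-f]+$/) printf "%d: %s\n", NR, ref
    }
  ' "$1"
}

# Gate for a CI step: returns 0 when the file is fully pinned, 1 otherwise,
# and reports the offending references on stderr.
assert_pinned() {
  local out
  out=$(find_unpinned_uses "$1")
  [ -z "$out" ] && return 0
  printf 'Unpinned action references in %s:\n%s\n' "$1" "$out" 1>&2
  return 1
}

# Constructed workflow mirroring the refs on this page plus one correctly
# pinned step (the 40-hex SHA is a placeholder, not a real commit).
write_sample_workflow() {
  cat > "$1" <<'EOF'
name: Build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK
        uses: "actions/setup-java@0123456789abcdef0123456789abcdef01234567" # v4.x
      - uses: ./.github/actions/local-helper
  upload:
    needs: build
    uses: reportportal/.github/.github/workflows/upload-plugin-artifact.yaml@main
EOF
}

f=$(mktemp)
write_sample_workflow "$f"
find_unpinned_uses "$f"   # reports the checkout@v2 and ...@main lines only
rm -f "$f"
```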

Comment on lines +6 to +14
version:
description: 'Release version'
required: true
scripts_version:
description: 'Gradle scripts version'
required: true
bom_version:
description: 'Commons bom version'
required: true


⚠️ Potential issue | 🟠 Major

Required version input is not used in the release command.

version is mandatory at dispatch time but never consumed in Lines 48–51. This can mislead operators and cause unexpected release output.

Please either wire the input into Gradle release properties or remove the input if the version is intentionally auto-derived.

Also applies to: 48-51

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/manually-release.yml around lines 6 - 14, The workflow
defines a required input named version but never uses it in the Gradle release
invocation; update the release step that runs the Gradle command (the step
invoking the Gradle release task / the ./gradlew release call) to pass the input
into Gradle properties (e.g., use the workflow input version via ${{
github.event.inputs.version }} as -Pversion=... and similarly wire
scripts_version and bom_version if needed) or remove the unused version input
from the workflow inputs block if version is intended to be auto-derived.

required: true

env:
GH_USER_NAME: github.actor


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/manually-release.yml | head -30

Repository: reportportal/plugin-auth-github

Length of output: 987


🏁 Script executed:

cat .github/workflows/manually-release.yml | grep -n "GH_USER_NAME"

Repository: reportportal/plugin-auth-github

Length of output: 200


Use expression syntax for GH_USER_NAME.

Line 17 stores a literal string instead of evaluating the GitHub context. Without expression syntax, GH_USER_NAME will be set to the literal string "github.actor" rather than the triggering actor's username, causing the parameter passed on line 49 to be incorrect.

Suggested fix
-  GH_USER_NAME: github.actor
+  GH_USER_NAME: ${{ github.actor }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/manually-release.yml at line 17, The GH_USER_NAME
environment variable is set to the literal string "github.actor" instead of
using workflow expression syntax; update the workflow to assign GH_USER_NAME
using the GitHub context expression (github.actor) so it evaluates at runtime
and passes the correct actor value to later steps (referenced where GH_USER_NAME
is used on line 49); locate the GH_USER_NAME key in the job/env block and
replace the literal with the proper expression form.

runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2


⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/manually-release.yml | head -40

Repository: reportportal/plugin-auth-github

Length of output: 1319


🌐 Web query:

actions/checkout v2 deprecation end of life current version

💡 Result:

  • actions/checkout@v2 status: It’s considered legacy/deprecated in practice because it’s one of the common actions that triggered GitHub’s Node.js 12 deprecation warnings (GitHub moved Actions off Node 12 to Node 16 by default). [1], [2]
  • End-of-life (EOL): GitHub has announced runtime transitions (Node12→Node16, Node16→Node20, etc.), but there isn’t a single, official “checkout@v2 EOL date” announcement that removes the v2 tag specifically; the guidance is to upgrade to a supported major. [1], [2]
  • Current version (recommended): actions/checkout@v6 (latest release shown: v6.0.2, Jan 9, 2026). [3]
    • v5/v6 run on newer runtimes (README notes v5 updated to node24 and requires Actions Runner v2.327.1+). [3]

What to change in workflows

- uses: actions/checkout@v6

Sources
[1] GitHub Changelog: Node12→Node16 default transition (June 13, 2023). (github.blog)
[2] GitHub Community discussion showing the Node12 deprecation warning and recommending upgrading from actions/checkout@v2. (github.com)
[3] actions/checkout repo README showing current majors and latest release (v6.0.2), plus runner requirement for node24-based versions. (github.com)


Update actions/checkout to the latest version.

Line 27 is using actions/checkout@v2, which is legacy/deprecated following GitHub's Node.js 12 deprecation. The latest version is v6, which requires Actions Runner v2.327.1+ and runs on current node runtimes.

Suggested fix
-        uses: actions/checkout@v2
+        uses: actions/checkout@v6
🧰 Tools
🪛 actionlint (1.7.12)

[error] 27-27: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/manually-release.yml at line 27, Update the checkout
action usage to the latest supported release by replacing the current reference
"uses: actions/checkout@v2" with the modern major version (e.g.,
"actions/checkout@v6"); ensure the workflow (manually-release.yml) meets the
runner requirement (Actions Runner v2.327.1+) and adjust any workflow
compatibility settings if needed so the workflow runs on current Node.js
runtimes.

Comment on lines +23 to +28
env:
REPOSITORY_URL: 'https://maven.pkg.github.com'
UPSTREAM_REPOSITORY_URL: 'https://oss.sonatype.org'
PACKAGE_SUFFIXES: '-javadoc.jar,-javadoc.jar.asc,-sources.jar,-sources.jar.asc,.jar,.jar.asc,.pom,.pom.asc'
PACKAGE: 'com.epam.reportportal'


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/promote.yml

Repository: reportportal/plugin-auth-github

Length of output: 5122


Add explicit packages: read permission for GitHub Packages artifact download.

This workflow downloads artifacts from GitHub Packages using GITHUB_TOKEN at line 45. Add explicit permissions so behavior is stable under restricted defaults.

Suggested fix
+permissions:
+  packages: read
+
 env:
   REPOSITORY_URL: 'https://maven.pkg.github.com'
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/promote.yml around lines 23 - 28, The workflow uses
GITHUB_TOKEN to download GitHub Packages artifacts but lacks explicit
permissions; update the promote.yml workflow to set the GitHub Actions
permissions to include "packages: read" (either at the top-level permissions key
or in the specific job that performs the download) so the artifact download step
that uses GITHUB_TOKEN can access GitHub Packages; ensure the permissions entry
is added alongside existing workflow metadata and before job definitions so the
download step can run under restricted defaults.

Comment on lines +63 to +65
repo=`jq -r '.repositoryUris[0]' response.json`
if [ -z "$repo" ]; then
echo 'Unable to upload bundle' 1>&2


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, find and inspect the workflow file
find . -name "promote.yml" -type f

Repository: reportportal/plugin-auth-github

Length of output: 106


🏁 Script executed:

# Test how jq -r behaves with null values
# Create a test JSON with null value
echo '{"repositoryUris": [null]}' | jq -r '.repositoryUris[0]'
echo "Exit code: $?"
echo "---"
# Test with empty array
echo '{"repositoryUris": []}' | jq -r '.repositoryUris[0]'
echo "Exit code: $?"

Repository: reportportal/plugin-auth-github

Length of output: 114


🏁 Script executed:

# Test bash -z check with "null" string
repo="null"
if [ -z "$repo" ]; then
  echo "Empty string detected"
else
  echo "String is not empty: '$repo'"
fi
echo "---"
# Test the proposed fix
if [ -z "$repo" ] || [ "$repo" = "null" ]; then
  echo "Either empty or null detected"
else
  echo "Neither empty nor null"
fi

Repository: reportportal/plugin-auth-github

Length of output: 136


🏁 Script executed:

cat -n .github/workflows/promote.yml | sed -n '60,70p'

Repository: reportportal/plugin-auth-github

Length of output: 521


🏁 Script executed:

# Let me also check the full context around those lines
cat -n .github/workflows/promote.yml | sed -n '55,75p'

Repository: reportportal/plugin-auth-github

Length of output: 1100


Handle jq null values explicitly when validating repository URI.

At Lines 63–65, jq -r '.repositoryUris[0]' returns the literal string "null" when the field is null in JSON, and the current -z check won't catch it. This causes the validation to pass incorrectly, and NEXUS_REPOSITORY=null is exported to the environment at line 69, causing downstream issues.

Suggested fix
-          repo=`jq -r '.repositoryUris[0]' response.json`
-          if [ -z "$repo" ]; then
+          repo=`jq -r '.repositoryUris[0]' response.json`
+          if [ -z "$repo" ] || [ "$repo" = "null" ]; then
             echo 'Unable to upload bundle' 1>&2
             cat response.json 1>&2
             exit 1
           fi
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/promote.yml around lines 63 - 65, The script assigns repo
using repo=`jq -r '.repositoryUris[0]' response.json` but jq returns the literal
"null" for null values so the subsequent if [ -z "$repo" ] check misses it and
exports NEXUS_REPOSITORY=null; update the jq call or the validation: change the
jq expression to produce an empty string for null (e.g. use the // empty
construct) or alter the conditional to treat both empty and the literal "null"
as invalid, ensuring repo is rejected and the script exits before exporting
NEXUS_REPOSITORY.
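Below is an added example (not code from the PR or from CodeRabbit) that runs the original check and a hardened extractor side by side over constructed Nexus-style response bodies; the repository URI in the sample is a placeholder.

```shell
#!/usr/bin/env bash
# Added example, not part of the PR: reproduces the jq null gap in
# promote.yml lines 63-65 and shows a hardened replacement.

# Original logic from promote.yml: accepts when jq's output is non-empty.
# jq -r prints the literal string "null" for a JSON null, so -z never fires.
original_check() {
  local repo
  repo=$(jq -r '.repositoryUris[0]' "$1")
  [ -n "$repo" ]
}

# Hardened extractor. Prints the staging repository URI on success and
# returns non-zero otherwise, so nothing bogus reaches NEXUS_REPOSITORY.
#  - `// empty` turns a JSON null (also what a missing key or an empty array
#    evaluates to) into no output instead of the string "null";
#  - a jq failure (malformed JSON, unreadable file) is propagated;
#  - the literal string "null" is still rejected in case a server sends it;
#  - the value must look like an https URL before it is trusted downstream.
extract_staging_repo() {
  local file=$1 repo
  repo=$(jq -r '.repositoryUris[0] // empty' "$file") || return 1
  if [ -z "$repo" ] || [ "$repo" = "null" ]; then
    echo "Unable to upload bundle: no repository URI in $file" 1>&2
    return 1
  fi
  case $repo in
    https://*) ;;
    *) echo "Unexpected repository URI: $repo" 1>&2; return 1 ;;
  esac
  printf '%s\n' "$repo"
}

# Constructed sample responses (placeholder repository name, not a real one).
SAMPLE_URI='https://oss.sonatype.org/content/repositories/example-staging-0001'
write_samples() {
  local dir=$1
  printf '{"repositoryUris":["%s"]}\n' "$SAMPLE_URI" > "$dir/good.json"
  printf '{"repositoryUris":[null]}\n'  > "$dir/null.json"
  printf '{"repositoryUris":[]}\n'      > "$dir/empty.json"
  printf '{"errors":[{"msg":"unauthorized"}]}\n' > "$dir/error.json"
  printf 'not json\n' > "$dir/garbage.json"
}

# Side-by-side run: the original check wrongly accepts null.json, empty.json
# and error.json; the hardened one accepts only good.json.
demo() {
  local dir f o r h
  dir=$(mktemp -d)
  write_samples "$dir"
  for f in good null empty error garbage; do
    if original_check "$dir/$f.json" 2>/dev/null; then o=accept; else o=reject; fi
    if r=$(extract_staging_repo "$dir/$f.json" 2>/dev/null); then h="accept ($r)"; else h=reject; fi
    printf '%-13s original: %-7s hardened: %s\n' "$f.json" "$o" "$h"
  done
  rm -rf "$dir"
}

demo
```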

env:
GH_USER_NAME: github.actor


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/release.yml | head -30

Repository: reportportal/plugin-auth-github

Length of output: 822


🏁 Script executed:

cat -n .github/workflows/release.yml | grep -A 2 -B 2 "GH_USER_NAME"

Repository: reportportal/plugin-auth-github

Length of output: 552


Fix actor interpolation in env.

Line 13 sets a literal string (github.actor) instead of interpolating the GitHub Actions context expression. This causes Gradle to receive the wrong username value. Update to use proper interpolation syntax:

Suggested fix
-  GH_USER_NAME: github.actor
+  GH_USER_NAME: ${{ github.actor }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml at line 13, The GH_USER_NAME environment
variable is set to the literal string "github.actor" instead of interpolating
the GitHub Actions context; update the env entry that defines GH_USER_NAME in
the release workflow to use the correct Actions expression syntax (use the
context interpolation for github.actor) so the actual actor username is passed
to Gradle.

Comment on lines +17 to +19
jobs:
release:
runs-on: ubuntu-latest


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

find . -name "release.yml" -o -name "release.yaml" | head -20

Repository: reportportal/plugin-auth-github

Length of output: 106


🏁 Script executed:

cat -n .github/workflows/release.yml 2>/dev/null || cat -n ./.github/workflows/release.yml 2>/dev/null || find . -type f \( -name "*.yml" -o -name "*.yaml" \) | grep -i release

Repository: reportportal/plugin-auth-github

Length of output: 1566


Declare explicit token permissions for release operations.

This job performs authenticated release actions using secrets.GITHUB_TOKEN for git credentials and Gradle release operations (lines 33–45). Without explicit permissions, runs may fail under restricted default token settings.

Suggested fix
+permissions:
+  contents: write
+  packages: write
+
 jobs:
   release:
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 17 - 19, Add explicit workflow
permissions for the release job so the GITHUB_TOKEN has the rights needed for
git and Gradle release tasks: update the job block named "release" to include a
top-level permissions map granting at least contents: write, issues: write (or
other required scopes) and any other scopes used by Gradle/gh actions, and
ensure the job uses secrets.GITHUB_TOKEN as the authenticated token referenced
in the existing release steps.

runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
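Review bot: the pinning point raised against upload-plugin-artifact.yaml@main applies to this step and to the identical `actions/checkout@v2` step at manually-release.yml line 27: whichever major the workflow moves to, reference it by full commit SHA with the version in a trailing comment, so a moved or force-pushed tag upstream cannot silently change what the release job runs. The suggestions on this page also disagree on the target (v4, v5, v6); settle on one for both release workflows.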


⚠️ Potential issue | 🔴 Critical

Upgrade actions/checkout to a supported major version.

Line 22 uses actions/checkout@v2, which is too old for current runners (also confirmed by actionlint).

Suggested fix
-        uses: actions/checkout@v2
+        uses: actions/checkout@v5
🧰 Tools
🪛 actionlint (1.7.12)

[error] 22-22: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml at line 22, The workflow step currently uses
the deprecated action reference "uses: actions/checkout@v2"; update that step to
a supported major version (for example "actions/checkout@v4") across the
workflow so the runner uses the maintained release, and run a quick lint/CI
after changing the "uses: actions/checkout@v2" token to confirm no other
workflow syntax or compatibility issues remain.

@grabsefx grabsefx closed this Apr 6, 2026